def createFields(self):
yield UInt16(self, "size", "Node size (in bytes)")
yield UInt16(self, "data_size")
yield Enum(UInt16(self, "type"), self.TYPE_NAME)
yield CString(self, "name", charset="UTF-16-LE")
size = paddingSize(self.current_size//8, 4)
if size:
yield NullBytes(self, "padding[]", size)
size = self["data_size"].value
if size:
if self["type"].value == self.TYPE_STRING:
if self.is_32bit:
size *= 2
yield String(self, "value", size, charset="UTF-16-LE", truncate="\0")
elif self["name"].value == "VS_VERSION_INFO":
yield VersionInfoBinary(self, "value", size=size*8)
if self["value/file_flags_mask"].value == 0:
self.is_32bit = False
else:
yield RawBytes(self, "value", size)
while 12 <= (self.size - self.current_size) // 8:
yield VersionInfoNode(self, "node[]", self.is_32bit)
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield Bytes(self, "jmp", 3, "Jump instruction (to skip over header on boot)")
yield Bytes(self, "oem_name", 8, "OEM Name (padded with spaces)")
yield UInt16(self, "sector_size", "Bytes per sector")
yield UInt8 (self, "cluster_size", "Sectors per cluster")
yield UInt16(self, "reserved_sectors", "Reserved sector count (including boot sector)")
yield UInt8 (self, "fat_nb", "Number of file allocation tables")
yield UInt16(self, "max_root", "Maximum number of root directory entries")
yield UInt16(self, "sectors1", "Total sectors (if zero, use 'sectors2')")
yield UInt8 (self, "media_desc", "Media descriptor")
yield UInt16(self, "fat_size", "Sectors per FAT")
yield UInt16(self, "track_size", "Sectors per track")
yield UInt16(self, "head_nb", "Number of heads")
yield UInt32(self, "hidden", "Hidden sectors")
yield UInt32(self, "sectors2", "Total sectors (if greater than 65535)")
if self.parent.version == 32:
yield UInt32(self, "fat32_size", "Sectors per FAT")
yield UInt16(self, "fat_flags", "FAT Flags")
yield UInt16(self, "version", "Version")
yield UInt32(self, "root_start", "Cluster number of root directory start")
yield UInt16(self, "inf_sector", "Sector number of FS Information Sector")
yield UInt16(self, "boot_copy", "Sector number of a copy of this boot sector")
yield NullBytes(self, "reserved[]", 12, "Reserved")
yield UInt8(self, "phys_drv", "Physical drive number")
yield NullBytes(self, "reserved[]", 1, 'Reserved ("current head")')
yield UInt8(self, "sign", "Signature")
yield textHandler(UInt32(self, "serial", "ID (serial number)"), hexadecimal)
yield String(self, "label", 11, "Volume Label", strip=' ', charset="ASCII")
yield String(self, "fs_type", 8, "FAT file system type", strip=' ', charset="ASCII")
yield Bytes(self, "code", 510-self.current_size/8, "Operating system boot code")
yield Bytes(self, "trail_sig", 2, "Signature (0x55 0xAA)")
def createFields(self):
yield Bytes(self, "jump", 3, "Intel x86 jump instruction")
yield String(self, "name", 8)
yield BiosParameterBlock(self, "bios", "BIOS parameters")
yield textHandler(UInt8(self, "physical_drive", "(0x80)"), hexadecimal)
yield NullBytes(self, "current_head", 1)
yield textHandler(
UInt8(self, "ext_boot_sig", "Extended boot signature (0x80)"),
hexadecimal)
yield NullBytes(self, "unused", 1)
yield UInt64(self, "nb_sectors")
yield UInt64(self, "mft_cluster", "Cluster location of MFT data")
yield UInt64(self, "mftmirr_cluster",
"Cluster location of copy of MFT")
yield UInt8(self, "cluster_per_mft", "MFT record size in clusters")
yield NullBytes(self, "reserved[]", 3)
yield UInt8(self, "cluster_per_index", "Index block size in clusters")
yield NullBytes(self, "reserved[]", 3)
yield textHandler(UInt64(self, "serial_number"), hexadecimal)
yield textHandler(UInt32(self, "checksum", "Boot sector checksum"),
hexadecimal)
yield Bytes(self, "boot_code", 426)
yield Bytes(self, "mbr_magic", 2,
r"Master boot record magic number (\x55\xAA)")
def createFields(self):
bytes = self.stream.readBytes(self.absolute_address, 4)
if bytes == "\0R\0\0":
charset = "UTF-16-BE"
else:
charset = "UTF-16-LE"
yield String(self, "name", 64, charset=charset, truncate="\0")
yield UInt16(self, "namelen", "Length of the name")
yield Enum(UInt8(self, "type", "Property type"), self.TYPE_NAME)
yield Enum(UInt8(self, "decorator", "Decorator"), self.DECORATOR_NAME)
yield SECT(self, "left")
yield SECT(self, "right")
yield SECT(self, "child",
"Child node (valid for storage and root types)")
yield GUID(self, "clsid",
"CLSID of this storage (valid for storage and root types)")
yield NullBytes(self, "flags", 4, "User flags")
yield TimestampWin64(
self, "creation",
"Creation timestamp(valid for storage and root types)")
yield TimestampWin64(
self, "lastmod",
"Modify timestamp (valid for storage and root types)")
yield SECT(
self, "start",
"Starting SECT of the stream (valid for stream and root types)")
if self["/header/bb_shift"].value == 9:
yield filesizeHandler(
UInt32(self, "size",
"Size in bytes (valid for stream and root types)"))
yield NullBytes(self, "padding", 4)
else:
yield filesizeHandler(
UInt64(self, "size",
"Size in bytes (valid for stream and root types)"))
def createFields(self):
yield String(self,
"header_id",
4,
"DataBase Header Markup (\"mhbd\")",
charset="ISO-8859-1")
yield UInt32(self, "header_length", "Header Length")
yield UInt32(self, "entry_length", "Entry Length")
yield UInt32(self, "unknown[]")
yield UInt32(self, "version_number", "Version Number")
yield UInt32(self, "child_number", "Number of Children")
yield UInt64(self, "id", "ID for this database")
yield UInt16(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield UInt64(self, "unknown[]")
yield UInt16(self, "unknown[]")
yield UInt16(self, "hashing_scheme[]",
"Algorithm used to calculate the database hash")
yield NullBytes(self, "unknown[]", 20)
yield String(self, "language_id", 2, "Language ID")
yield UInt64(self, "persistent_id", "Library Persistent ID")
yield UInt32(self, "unknown[]")
yield UInt32(self, "unknown[]")
yield RawBytes(self, "hash[]", 20)
yield Int32(self, "timezone_offset[]", "Timezone offset in seconds")
yield UInt16(self, "unknown[]")
yield RawBytes(self, "iphone_hash[]", 45)
size = self["header_length"].value - self.current_size / 8
if size > 0:
yield NullBytes(self, "padding", size)
for i in xrange(self["child_number"].value):
yield DataSet(self, "dataset[]")
padding = self.seekByte(self["entry_length"].value, "entry padding")
if padding:
yield padding
def createFields(self):
# Read chunk header
yield Bytes(self, "signature", 3, r"Property signature (\x8E\xAD\xE8)")
if self["signature"].value != "\x8E\xAD\xE8":
raise ParserError("Invalid property signature")
yield UInt8(self, "version", "Signature version")
yield NullBytes(self, "reserved", 4, "Reserved")
yield UInt32(self, "count", "Count")
yield UInt32(self, "size", "Size")
# Read item header
items = []
for i in range(0, self["count"].value):
item = ItemHeader(self, "item[]")
yield item
items.append(item)
# Sort items by their offset
items.sort(sortRpmItem)
# Read item content
start = self.current_size / 8
for item in items:
offset = item["offset"].value
diff = offset - (self.current_size / 8 - start)
if 0 < diff:
yield NullBytes(self, "padding[]", diff)
yield ItemContent(self, "content[]", item)
size = start + self["size"].value - self.current_size / 8
if 0 < size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield UInt8(self, "version", "Version (0 or 1)")
yield NullBits(self, "flags", 20)
yield Bit(self, "is_in_poster")
yield Bit(self, "is_in_preview",
"Is this track used when previewing the presentation?")
yield Bit(self, "is_in_movie",
"Is this track used in the presentation?")
yield Bit(self, "is_enabled", "Is this track enabled?")
if self['version'].value == 0:
# 32-bit version
yield TimestampMac32(self, "creation_date",
"Creation time of this track")
yield TimestampMac32(self, "lastmod_date",
"Last modification time of this track")
yield UInt32(
self, "track_id",
"Unique nonzero identifier of this track within the presentation"
)
yield NullBytes(self, "reserved[]", 4)
yield UInt32(self, "duration",
"Length of track, in movie time-units")
elif self['version'].value == 1:
# 64-bit version
yield TimestampMac64(self, "creation_date",
"Creation time of this track")
yield TimestampMac64(self, "lastmod_date",
"Last modification time of this track")
yield UInt32(
self, "track_id",
"Unique nonzero identifier of this track within the presentation"
)
yield NullBytes(self, "reserved[]", 4)
yield UInt64(self, "duration",
"Length of track, in movie time-units")
yield NullBytes(self, "reserved[]", 8)
yield Int16(
self, "video_layer",
"Middle layer is 0; lower numbers are closer to the viewer")
yield Int16(self, "alternate_group",
"Group ID that this track belongs to (0=no group)")
yield QTFloat16(self, "volume",
"Track relative audio volume (1.0 = full)")
yield NullBytes(self, "reserved[]", 2)
yield QTFloat32(self, "geom_a", "Width scale")
yield QTFloat32(self, "geom_b", "Width rotate")
yield QTFloat2_30(self, "geom_u", "Width angle")
yield QTFloat32(self, "geom_c", "Height rotate")
yield QTFloat32(self, "geom_d", "Height scale")
yield QTFloat2_30(self, "geom_v", "Height angle")
yield QTFloat32(self, "geom_x", "Position X")
yield QTFloat32(self, "geom_y", "Position Y")
yield QTFloat2_30(self, "geom_w", "Divider scale")
yield QTFloat32(self, "frame_size_width")
yield QTFloat32(self, "frame_size_height")
def createFields(self):
# File mode
yield Bit(self, "other_exec")
yield Bit(self, "other_write")
yield Bit(self, "other_read")
yield Bit(self, "group_exec")
yield Bit(self, "group_write")
yield Bit(self, "group_read")
yield Bit(self, "owner_exec")
yield Bit(self, "owner_write")
yield Bit(self, "owner_read")
yield Bit(self, "sticky")
yield Bit(self, "setgid")
yield Bit(self, "setuid")
yield Enum(Bits(self, "file_type", 4), self.file_type)
yield UInt16(self, "uid", "User ID")
yield UInt32(self, "size", "File size (in bytes)")
yield TimestampUnix32(self, "atime", "Last access time")
yield TimestampUnix32(self, "ctime", "Creation time")
yield TimestampUnix32(self, "mtime", "Last modification time")
yield TimestampUnix32(self, "dtime", "Delete time")
yield UInt16(self, "gid", "Group ID")
yield UInt16(self, "links_count", "Links count")
yield UInt32(self, "blocks", "Number of blocks")
yield UInt32(self, "flags", "Flags")
yield NullBytes(self, "reserved[]", 4, "Reserved")
for index in xrange(15):
yield UInt32(self, "block[]")
yield UInt32(self, "version", "Version")
yield UInt32(self, "file_acl", "File ACL")
yield UInt32(self, "dir_acl", "Directory ACL")
yield UInt32(self, "faddr",
"Block where the fragment of the file resides")
os = self["/superblock/creator_os"].value
if os == SuperBlock.OS_LINUX:
yield UInt8(self, "frag", "Number of fragments in the block")
yield UInt8(self, "fsize", "Fragment size")
yield UInt16(self, "padding", "Padding")
yield UInt16(self, "uid_high", "High 16 bits of user ID")
yield UInt16(self, "gid_high", "High 16 bits of group ID")
yield NullBytes(self, "reserved[]", 4, "Reserved")
elif os == SuperBlock.OS_HURD:
yield UInt8(self, "frag", "Number of fragments in the block")
yield UInt8(self, "fsize", "Fragment size")
yield UInt16(self, "mode_high", "High 16 bits of mode")
yield UInt16(self, "uid_high", "High 16 bits of user ID")
yield UInt16(self, "gid_high", "High 16 bits of group ID")
yield UInt32(self, "author", "Author ID (?)")
else:
yield RawBytes(self, "raw", 12, "Reserved")
def parseVideoHeader(parent):
yield NullBytes(parent, "padding[]", 2)
yield String(parent, "fourcc", 4)
yield UInt32(parent, "size")
yield textHandler(UInt64(parent, "time_unit", "Frame duration"),
formatTimeUnit)
yield UInt64(parent, "sample_per_unit")
yield UInt32(parent, "default_len")
yield UInt32(parent, "buffer_size")
yield UInt16(parent, "bits_per_sample")
yield NullBytes(parent, "padding[]", 2)
yield UInt32(parent, "width")
yield UInt32(parent, "height")
yield NullBytes(parent, "padding[]", 4)
def createNullField(parent, nbits, name="padding[]", description=None):
if nbits <= 0:
raise FieldError("Unable to create null padding of %s bits" % nbits)
if (nbits % 8) == 0:
return NullBytes(parent, name, nbits / 8, description)
else:
return NullBits(parent, name, nbits, description)
def createFields(self):
yield UInt16(self, "left", "Left")
yield UInt16(self, "top", "Top")
yield UInt16(self, "width", "Width")
yield UInt16(self, "height", "Height")
yield Bits(self, "size_local_map", 3,
"log2(size of local map) minus one")
yield NullBits(self, "reserved", 2)
yield Bit(self, "sort_flag",
"Is the local map sorted by decreasing importance?")
yield Bit(self, "interlaced", "Interlaced?")
yield Bit(self, "has_local_map", "Use local color map?")
if self["has_local_map"].value:
nb_color = 1 << (1 + self["size_local_map"].value)
yield PaletteRGB(self, "local_map", nb_color, "Local color map")
yield UInt8(self, "lzw_min_code_size", "LZW Minimum Code Size")
group = None
while True:
size = UInt8(self, "block_size")
if size.value == 0:
break
block = CustomFragment(self, "image_block[]", None, GifImageBlock,
"GIF Image Block", group)
group = block.group
yield block
yield NullBytes(self, "terminator", 1, "Terminator (0)")
def createFields(self):
yield Bytes(self, "endian", 2, "Endian (0xFF 0xFE for Intel)")
yield UInt16(self, "format", "Format (0)")
yield UInt8(self, "os_version")
yield UInt8(self, "os_revision")
yield Enum(UInt16(self, "os_type"), OS_NAME)
yield GUID(self, "format_id")
yield UInt32(self, "section_count")
if MAX_SECTION_COUNT < self["section_count"].value:
raise ParserError("OLE2: Too much sections (%s)" %
self["section_count"].value)
section_indexes = []
for index in xrange(self["section_count"].value):
section_index = SummaryIndex(self, "section_index[]")
yield section_index
section_indexes.append(section_index)
for section_index in section_indexes:
self.seekByte(section_index["offset"].value)
yield SummarySection(self, "section[]")
size = (self.size - self.current_size) // 8
if 0 < size:
yield NullBytes(self, "end_padding", size)
def createFields(self):
yield String(self,
"magic",
len(self.MAGIC),
'Magic string (%r)' % self.MAGIC,
charset="ASCII")
yield UInt8(self, "major_version")
yield UInt8(self, "minor_version")
yield Enum(UInt8(self, "crypto"), self.CRYPTO_NAMES)
yield Enum(UInt8(self, "hash"), self.HASH_NAMES)
yield KeyringString(self, "keyring_name")
yield TimestampUnix64(self, "mtime")
yield TimestampUnix64(self, "ctime")
yield Bit(self, "lock_on_idle")
yield NullBits(self, "reserved[]", 31, "Reserved for future flags")
yield UInt32(self, "lock_timeout")
yield UInt32(self, "hash_iterations")
yield RawBytes(self, "salt", 8)
yield NullBytes(self, "reserved[]", 16)
yield Items(self, "items")
yield UInt32(self, "encrypted_size")
yield Deflate(
SubFile(self,
"encrypted",
self["encrypted_size"].value,
"AES128 CBC",
parser_class=EncryptedData))
def createFields(self):
yield IFDTag(self, "tag", "Tag")
yield Enum(UInt16(self, "type", "Type"), self.TYPE_NAME)
self.value_cls = self.ENTRY_FORMAT.get(self['type'].value, Bytes)
if issubclass(self.value_cls, Bytes):
self.value_size = 8
else:
self.value_size = self.value_cls.static_size
yield UInt32(self, "count", "Count")
if not issubclass(self.value_cls, Bytes) \
and self["count"].value > MAX_COUNT:
raise ParserError("EXIF: Invalid count value (%s)" % self["count"].value)
count = self['count'].value
totalsize = self.value_size * count
if count == 0:
yield NullBytes(self, "padding", 4)
elif totalsize <= 32:
name = "value"
if issubclass(self.value_cls, Bytes):
yield self.value_cls(self, name, count)
else:
if count > 1:
name += "[]"
for i in xrange(count):
yield self.value_cls(self, name)
if totalsize < 32:
yield NullBits(self, "padding", 32-totalsize)
else:
yield UInt32(self, "offset", "Value offset")
def createFields(self):
LONG = Int32
yield UInt32(self, "type", "Record type (always 1)")
yield UInt32(self, "size", "Size of the header in bytes")
yield RECT32(self, "Bounds", "Inclusive bounds")
yield RECT32(self, "Frame", "Inclusive picture frame")
yield textHandler(UInt32(self, "signature", "Signature ID (always 0x464D4520)"), hexadecimal)
yield UInt16(self, "min_ver", "Minor version")
yield UInt16(self, "maj_ver", "Major version")
yield UInt32(self, "file_size", "Size of the file in bytes")
yield UInt32(self, "NumOfRecords", "Number of records in the metafile")
yield UInt16(self, "NumOfHandles", "Number of handles in the handle table")
yield NullBytes(self, "reserved", 2)
yield UInt32(self, "desc_size", "Size of description in 16-bit words")
yield UInt32(self, "desc_ofst", "Offset of description string in metafile")
yield UInt32(self, "nb_colors", "Number of color palette entries")
yield LONG(self, "width_px", "Width of reference device in pixels")
yield LONG(self, "height_px", "Height of reference device in pixels")
yield LONG(self, "width_mm", "Width of reference device in millimeters")
yield LONG(self, "height_mm", "Height of reference device in millimeters")
# Read description (if any)
offset = self["desc_ofst"].value
current = (self.absolute_address + self.current_size) // 8
size = self["desc_size"].value * 2
if offset == current and size:
yield String(self, "description", size, charset="UTF-16-LE", strip="\0 ")
# Read padding (if any)
size = self["size"].value - self.current_size//8
if size:
yield RawBytes(self, "padding", size)
def createFields(self):
# Skip something (what is stored here? MBR?)
yield NullBytes(self, "padding[]", 1024)
# Read superblock
superblock = SuperBlock(self, "superblock")
yield superblock
if not (0 <= self["superblock/log_block_size"].value <= 2):
raise ParserError("EXT2: Invalid (log) block size")
self.block_size = 1024 << superblock["log_block_size"].value # in bytes
# Read groups' descriptor
field = self.seekByte(
((1023 + superblock.size / 8) / self.block_size + 1) *
self.block_size,
null=True)
if field:
yield field
groups = GroupDescriptors(self, "group_desc", superblock.group_count)
yield groups
# Read groups
address = groups["group[0]/block_bitmap"].value * self.block_size
field = self.seekByte(address, null=True)
if field:
yield field
for index in range(0, superblock.group_count):
yield Group(self, "group[]", index)
def createFields(self):
yield NullBytes(self, "unused", 6)
yield UInt8(self, "offsetIntSize", "Size (in bytes) of offsets in the offset table")
yield UInt8(self, "objectRefSize", "Size (in bytes) of object numbers in object references")
yield UInt64(self, "numObjects", "Number of objects in this file")
yield UInt64(self, "topObject", "Top-level object reference")
yield UInt64(self, "offsetTableOffset", "File offset to the offset table")
def createFields(self):
yield textHandler(UInt32(self, "signature", "Placeable Metafiles signature (0x9AC6CDD7)"), hexadecimal)
yield UInt16(self, "handle")
yield RECT16(self, "rect")
yield UInt16(self, "inch")
yield NullBytes(self, "reserved", 4)
yield textHandler(UInt16(self, "checksum"), hexadecimal)
def createFields(self):
yield FIB(self, "FIB", "File Information Block")
padding = (self['FIB/fcMin'].value - self.current_size // 8)
if padding:
yield NullBytes(self, "padding[]", padding)
if self['FIB/ccpText'].value:
yield Bytes(self, "text", self['FIB/ccpText'].value)
if self['FIB/ccpFtn'].value:
yield Bytes(self, "text_footnote", self['FIB/ccpFtn'].value)
if self['FIB/ccpHdr'].value:
yield Bytes(self, "text_header", self['FIB/ccpHdr'].value)
if self['FIB/ccpMcr'].value:
yield Bytes(self, "text_macro", self['FIB/ccpMcr'].value)
if self['FIB/ccpAtn'].value:
yield Bytes(self, "text_annotation", self['FIB/ccpAtn'].value)
padding = (self['FIB/fcMax'].value - self.current_size // 8)
if padding:
yield RawBytes(self, "padding[]", padding)
sepx_size = (self['FIB/pnChpFirst'].value * 512 -
self.current_size // 8)
if sepx_size:
yield SEPXGroup(self, "sepx", sepx_size)
def createFields(self):
yield FIB(self, "FIB", "File Information Block")
table = getOLE2Parser(self.ole2,
"table" + str(self["FIB/fWhichTblStm"].value))
padding = (self['FIB/fcMin'].value - self.current_size // 8)
if padding:
yield NullBytes(self, "padding[]", padding)
# Guess whether the file uses UTF16 encoding.
is_unicode = False
if self['FIB/array2/ccpText'].value * 2 == self[
'FIB/fcMax'].value - self['FIB/fcMin'].value:
is_unicode = True
for fieldname, textname in [('Text', 'text'), ('Ftn', 'text_footnote'),
('Hdr', 'text_header'),
('Mcr', 'text_macro'),
('Atn', 'text_annotation'),
('Edn', 'text_endnote'),
('Txbx', 'text_textbox'),
('HdrTxbx', 'text_header_textbox')]:
size = self['FIB/array2/ccp' + fieldname].value
if size:
if is_unicode:
yield String(self, textname, size * 2, charset="UTF-16-LE")
else:
yield Bytes(self, textname, size)
padding = (self['FIB/fcMax'].value - self.current_size // 8)
if padding:
yield RawBytes(self, "padding[]", padding)
def createFields(self):
# Header
yield NullBytes(self, "zero_vector", 16)
yield GUID(self, "fs_guid")
yield UInt64(self, "volume_len")
yield String(self, "signature", 4)
yield UInt32(self, "attributes")
yield UInt16(self, "header_len")
yield UInt16(self, "checksum")
yield UInt16(self, "ext_header_offset")
yield UInt8(self, "reserved")
yield UInt8(self, "revision")
while True:
bm = BlockMap(self, "block_map[]")
yield bm
if bm['num_blocks'].value == 0 and bm['len'].value == 0:
break
# TODO must handle extended header
# Content
while not self.eof:
padding = paddingSize(self.current_size // 8, 8)
if padding:
yield PaddingBytes(self, "padding[]", padding)
yield File(self, "file[]")
def createFields(self):
# First kilobyte: boot sectors
yield RawBytes(self, "boot", 1024, "Space for disklabel etc.")
# Header
yield UInt32(self, "version")
yield UInt32(self, "last_page")
yield UInt32(self, "nb_badpage")
yield UUID(self, "sws_uuid")
yield UUID(self, "sws_volume")
yield NullBytes(self, "reserved", 117 * 4)
# Read bad pages (if any)
count = self["nb_badpage"].value
if count:
if MAX_SWAP_BADPAGES < count:
raise ParserError("Invalid number of bad page (%u)" % count)
yield GenericVector(self, "badpages", count, UInt32, "badpage")
# Read magic
padding = self.seekByte(PAGE_SIZE - 10, "padding", null=True)
if padding:
yield padding
yield String(self, "magic", 10, charset="ASCII")
# Read all pages
yield GenericVector(self, "pages", self["last_page"].value, Page,
"page")
# Padding at the end
padding = self.seekBit(self.size, "end_padding", null=True)
if padding:
yield padding
def createFields(self):
yield String(self,
"signature",
4,
"PSD signature (8BPS)",
charset="ASCII")
yield UInt16(self, "version")
yield NullBytes(self, "reserved[]", 6)
yield UInt16(self, "nb_channels")
yield UInt32(self, "width")
yield UInt32(self, "height")
yield UInt16(self, "depth")
yield Enum(UInt16(self, "color_mode"), self.COLOR_MODE)
# Mode data
yield UInt32(self, "mode_data_size")
size = self["mode_data_size"].value
if size:
yield RawBytes(self, "mode_data", size)
# Resources
yield Config(self, "config")
# Reserved
yield UInt32(self, "reserved_data_size")
size = self["reserved_data_size"].value
if size:
yield RawBytes(self, "reserved_data", size)
yield Enum(UInt16(self, "compression"), self.COMPRESSION_NAME)
size = (self.size - self.current_size) // 8
if size:
yield RawBytes(self, "end", size)
def parseAviHeader(self):
yield UInt32(self, "microsec_per_frame", "Microsecond per frame")
yield UInt32(self, "max_byte_per_sec", "Maximum byte per second")
yield NullBytes(self, "reserved", 4)
# Flags
yield NullBits(self, "reserved[]", 4)
yield Bit(self, "has_index")
yield Bit(self, "must_use_index")
yield NullBits(self, "reserved[]", 2)
yield Bit(self, "is_interleaved")
yield NullBits(self, "reserved[]", 2)
yield Bit(self, "trust_cktype")
yield NullBits(self, "reserved[]", 4)
yield Bit(self, "was_capture_file")
yield Bit(self, "is_copyrighted")
yield NullBits(self, "reserved[]", 14)
yield UInt32(self, "total_frame", "Total number of frames in the video")
yield UInt32(self, "init_frame", "Initial frame (used in interleaved video)")
yield UInt32(self, "nb_stream", "Number of streams")
yield UInt32(self, "sug_buf_size", "Suggested buffer size")
yield UInt32(self, "width", "Width in pixel")
yield UInt32(self, "height", "Height in pixel")
yield UInt32(self, "scale")
yield UInt32(self, "rate")
yield UInt32(self, "start")
yield UInt32(self, "length")
def createFields(self):
yield NullBytes(self, "options", 4)
yield TimestampUnix32(self, "creation_date")
yield UInt16(self, "maj_ver", "Major version")
yield UInt16(self, "min_ver", "Minor version")
yield UInt16(self, "nb_name", "Number of named entries")
yield UInt16(self, "nb_index", "Number of indexed entries")
def createFields(self):
yield UInt32(self, "version")
yield UInt8(self, "has_realm")
yield PascalStringWin32(self, "writer_name", charset="UTF-16-BE")
yield PascalStringWin32(self, "reader_name", charset="UTF-16-BE")
yield UInt32(self, "file_version")
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding", size)
def createFields(self):
while not self.eof:
field = FileEntry(self, "file[]")
if field.isEmpty():
yield NullBytes(self, "terminator", 512)
break
yield field
if self.current_size < self._size:
yield self.seekBit(self._size, "end")
def createFields(self):
yield UInt32(self, "inode", "Inode")
yield UInt16(self, "rec_len", "Record length")
yield UInt8(self, "name_len", "Name length")
yield Enum(UInt8(self, "file_type", "File type"), self.file_type)
yield String(self, "name", self["name_len"].value, "File name")
size = (self._size - self.current_size) // 8
if size:
yield NullBytes(self, "padding", size)
def createFields(self):
yield UInt16(self, "size", "Node size (in bytes)")
yield UInt16(self, "data_size")
yield CString(self, "name", charset="ISO-8859-1")
size = paddingSize(self.current_size//8, 4)
if size:
yield NullBytes(self, "padding[]", size)
size = self["data_size"].value
if size:
if self["name"].value == "VS_VERSION_INFO":
yield VersionInfoBinary(self, "value", size=size*8)
else:
yield String(self, "value", size, charset="ISO-8859-1")
while 12 <= (self.size - self.current_size) // 8:
yield NE_VersionInfoNode(self, "node[]")
size = (self.size - self.current_size) // 8
if size:
yield NullBytes(self, "padding[]", size)
def createFields(self):
yield RawBytes(self, "md5", 16)
while True:
size = (self.size - self.current_size) // 8
if size < 77:
break
yield EncryptedItem(self, "item[]")
size = paddingSize(self.current_size // 8, 16)
if size:
yield NullBytes(self, "padding_align", size)
